. . >> this week on "the communicators," a discussion

about the internet with rod beckstrom, the head of the internet corporation for assigned names and numbers. >> host: this week on "the communicators" we're pleased to have the president and ceo of i can, rod beckstrom. thank you for being with us. start by explaining what it is, if you would. >> guest: sure. it's the internet corporation for assigned names and numbers, and there's basically four things we do that are related. we set the global policies for all internet do main -- domain names, we enforce that integrity with our partners throughout the world. we have the allocation policies to distribute those internationally, so names and addresses. and then the system that links names and addresses so the internet actually works when you type in, say, c-span.org or you type in google.com so you actually get to the right internet address.

that's called the domain name system. we help to coordinate that with many different partners around the world, and finally, we're the master repository for all the internet standards, they're call canned parameters and -- called parameters and protocols. those are developed by engineers around the world through the internet engineering task force, but we're the official publisher of that. we have names, network addresses, domain name systems and then the standards and protocols, some of the glue that helps keep the web together. >> host: how and when did ican start? >> guest: it was founded in 1988 at the request of international countries and other partners to keep them into a private sector multistakeholder body. so we're a nonprofit organization based in california, but our board of directors is very international. sixteen out of the 22 are from around the world. so we're very international

though we're headquartered in the united states. >> host: how is it funded? >> guest: we're funded by fees on the registration of domain names. so when a registry such as a dot.com or a dot.edu, they pay us around 20 cents per year, and we also get an entity like go daddy or register come, when you go and register that domain name, about another 18 cents or so goes to ican. so that's how we get our fund, off the registration of domain names. there's some other minor sources. >> host: so no government funding at this point. >> guest: zero government funding. >> host: and is there government oversight? >> guest: well, there was some government oversight in a form until october the 1st from the u.s. government where we published reviews to the u.s. government on a periodic basis. and that was done to make sure

that we lived up to a standard of becoming this multistakeholder group because when we were formed around 11 years ago, peter, there was only one commercial registry then and one registrar. we were supposed to create this ecosystem of competitive parties. there's no 11 different registries, 269 in total and over 900 registrars. so we had to prove we could create that ecosystem. since we've done that, the u.s. government do said, fine, you accomplished that, now you should be responsible to the world to be accountable and transparent in how you help to administer your part of the ecosystem. >> host: well, joining us, also, is christopher rhoads who is a technology reporter from "the wall street journal." he's in new york. your first question for rod beckstrom. >> host: yes, rod, i know that ic can an is going to this internationalized domain name program where part of the domain name to the right of the dot for

the first time will be in nonroman characters such as hindi and chinese and so forth. why is ican doing that now? >> guest: the reason we're doing that, chris, is there's been a consistent -- you know, when the internet initially got designed, there was a big debate about whether it should support international scripts or just latin-based script which we think of as english characters, but they're used by most of the european languages and some others. at the time the engineers, and this was about two decades ago, decided to make it latin only pause there was not a standard for the other scripts. so the protocol itself developed in '73 got created around latin script. of course, people around the world have been saying we want everything in our own language. we should be able to write our domain names in arabic or chinese. about 11 years ago, a researcher in switzerland came up with the

idea saying, let's go introduce international domain name languages on top of that latin-based architecture. that got picked up in singapore, china. eleven years later, there is a standard immersion called idn which the itf has developed, the engineers, and then nine years of policy work later because there's a lot of subtle issues, we're finally able to roll it out. there's been about two years of technical testing and what we call the root system for testing. that has gone successfully, so it's taken all those years, chris -- i know it's a long time -- but finally we're ready to begin rolling that out. so we'll start accepting applications november 16th, in just a few days here. and then hope to put those into the internet route mid next year. >> host: we here in the u.s. where the internet was created have had a wig advantage, of course -- big advantage, of course, by being english

speakers and other english speakers around the world have had that same slang in term -- advantage in terms of using the internet. now going with these non-roman characters, is something lost? obviously, something is gained in those countries. but is something lost in the sense of the universality of the internet where we might now start to get a more segmented internet, sort of focused on more individual countries rather or than this more global forum? >> guest: yeah, both yes and no, chris. so, yes, in ways we're probably going to see larger pockets of content in communities developing in languages that you and i might not recognize. so from our standpoint as westerners it might seem fragmented, and yet on the other hand, introducing internationalized doe do main names so that the 300 million chinese internet users can use domain names in their language

will actually help hold unity together the. there's been discussions of parties developing alternative routes to the internet or what we call forking the route. one of the primary causes people have cited for the interest in that was their inability to use their own language and scripts on the internet. so there'll be both a proliferation of different communities that you and i may not recognize, at the same time, i think it'll actually help the overall unity, technically, of the internet to continue. it'll be interesting to see. >> host: do you think that on that point it will, by going with these internationalized domain names, do you think it really will have a real practical effect in terms of how people use the internet, or is it -- excuse me -- is it more of a cosmetic change or sort of a symbolic change where you're saying to the rest of the world, we see you, we recognize that most of the users now are outside of the u.s., outside of

english-speaking countries, so we're making this step for you recognizing that, but in terms of the practical effect creating more internet users and so forth, do you really think there'll be much of a difference? >> guest: you know, we'll see. i think it'll be a little bit of both, chris. first off, let's talk about the symbolism. i mean, this is really important to people. i think it's an issue of natural pride, cultural pride. people want to be able to use this global, shared resource, the internet, fully in their own languages. let's talk about the practical side as well. on the practical side, if you're a housewife in korea, okay, or a businessman in china who only speaks korean or chinese, your keyboard is laid out for korean or chinese. when you do your word processing, you would write in korean or chinese on your keyboard, and then to do a domain name you'd have to flip your keyboard mode and work in a second language. that's quite an inconvenience for people and just a little bit

of a barrier. the other thing that we've learned in some of the testing, chris, is that the biggest uptake of the international domain names is small local businesses. so it's not the big global brands, you know, that everyone knows in latin characters, it's the local restaurant or the park or the police station that has a local identity that people think of in chinese characters, for example, that they'd never think of that, you know, police station or that local restaurant in a latin character. so we'll see, chris, i would expect to see more proliferation there initially in the smaller businesses and groups around the world. but ultimately, we'll see whether this is just a psychic issue, you know, and a pride issue or whether it really opens up the floodgates for a lot of new domain names and content and sites. we'll see. >> host: mr. beckstrom, is there a security issue involved with this or a security concern involved with opening this up? >> guest: there are, peter, and anytime you do anything on the internet, you know, we tend to use open standards in opening it

up. most people are good, so they'll use the new open standards and the new capabilities for good purposes, some people are bad, some people are very bad, and they'll try to take any new technology, any new standard and find a way to use that to whether, you know, steal money or extort money or, you know, cyber crimes is a really serious problem. and concerns around some of for security issues on international domain names is part of why it's taken nine years to develop the policies. a simple example would be in a script like si rillic which the russians use, there are some letters -- they have a letter that looks just like our letter a, but it's a different letter. if you allow someone to mix english script with russian script in a name, they could put the letter a in something and make it look like ebay, for example, or something when it really wasn't. it was a different site with an e, a b, and a russian -- so we have banned that. so the international domain names, the string has to be

consistently in international character cans to avoid what we call spoofing. spoofing is when someone tries to make a web site look like someone else's web site to get their password or steal their money. so a lot of the policy development in idns, international domain names, has been designed to reduce some of the security risks and fraud. will there be security issues? always with any new technology the. but the policy work has been created in cooperate with law enforcement participation and many other parties to try and at least minimize those impacts. >> host: where does ican's authority derive from? >> guest: really from the community and the fact that we have registrars active in our community, isps, registries, governments. we have 99 governments in our government advisory committee. we have private sector groups, civil society, privacy groups, you know, environment -- i mean, everybody comes.

there's probably somewhere between 10-20,000 the people come and participate in these policy processes and meetings each year. >> host: but are there governments that don't the recognize ican's authority? >> guest: in general, i would say they accept ican's role because ican is facilitating the internet functioning from a names and addresses standpoint. there are some governments who might like to see that formally government controlled by some kind of other governmental body, but i'd say in general the buy-in's quite good. we were very pleased, peter, for example, when china just came and formally rejoined our government advisory committee just in june of this year. that was a big development. one of the few other major companies that's not yet formally at the table is russia, and that's actually because of some subtle legal issues and perhaps that's something that'll change in the future. >> host: does that prevent them from using the internet in any

way? >> guest: absolutely. they use it very actively, they're active in the stakeholder processes, and there seems to be an expression of interest. president medvedev just got a briefing two days ago that's online of him being briefed by the minister of telecommunications on international domain names and how they intend to work on the cyrillic alphabet. so in general we see very good government buy-in in to what we're doing, but sometimes they're not used to private corporations, in many ways having an equal seat at the table. >> host: this is "the communicators" program, our guest is rod beckstrom who is president of the internet corporation for assigned names and numbers, also known as icann. joins us from christopher rhoads of "the wall street journal." next question. >> host: on the point that peter raised a minute ago about the security side of this, rod, of course this is an area you know

well as head of cybersecurity for the department of homeland defense. how big of an issue is this going to be for icann, and will that be part of icann's role going forward, to play a bigger role, bigger part in the cybersecurity area? >> guest: it's a great question, chris, you know, what role are we going to play in cyber security? we have certain touch points, so there's certain things we can do and certain things we absolutely cannot do. we're fundamentally a bottom-up community-driven organization, so we have to be sensitive to the role that isps want us to be enraged in and all those stakeholders. the piece that we are charged with focus thing on is the security of the domain name system, the system that when we type in c-span.org, for example, into a browser, it invokes the domain name system that comes back with a network address. that system is used hundreds of

billions of times per day. it can be used by hackers, in particular in these new what are coulded bot net attacks where studented ip stall their mall ware on, say, hundreds of thousands of machines and they can command them to do bad things. those systems tend to leverage the domain name system because they have to move their control point, otherwise you can shut them down if you know what the control point is and you shut down that web address or that domain address and network address. so we have a special focus on the domain name system. the other thing about icann that's unique is we have to be like switzerland, okay? so there's cyber defense and offense. we have nothing to do with offense anywhere, okay? we can focus only on defense, and we have to remain as neutral as switzerland because we have 240 countries around the world that we deal with and territories. everything from u.s. to all the european partners to syria, iran, north korea, i mean,

everyone has some presence on the internet, and their relationship for their country code domains is with with icann. so we effectively work with everyone in the world. so we have to stay very neutral and focus on supporting security of the domain name system through and with our partners. >> host: so it's a tricky game we have to play of staying in the middle. >> host: christopher rhoads. >> host: the computer viruses and other types of computer attacks, of course, are nothing new. they've existed since the beginning of the internet the, but it seems like they are getting more sophisticated by the minute and just the power of these things growing exponentially. what's your current assessment of the state of where things are right now in terms of the level of this cyber activity, illegal activity, attacks and the ability of the good guys to the

fight against that? obviously, it's an up and down situation, but what's your sense of the current situation and how serious is this for, for using the internet as we know it? >> guest: sure. well, it's a very serious issue, chris, as you point out. i would say in the short term things have been getting worse, okay? the trend line in the last 24 months has been many more viruses, many sophisticated botnets. there's one out there that's very nasty that much of the world has been fighting now for i think around a year. it's still on p at least three or five million machines, okay? it's the very pernicious. it hasn't been used for bad yet but could be. and icann's role was helping get another 100 countries in to join the battle because, again, we're that neutral meeting place. but i think in the short term, chris, i think the bad guys are

getting a bit of the upper hand. they're networking very well internationally, so you're seeing european cyber criminals linking with some in latin america or the middle east and asia. very sophisticated techniques, a lot of financial crimes that are taking place and others, and this is really a world class problem, and it's one, i think, can only be solved by better international corroboration between the parties. but as consumers, we've got to be very careful on our own machines, and i think we should all think twice before doing all of our banking online, for example. you want to be really careful in how you approach -- i do my online banking with a separate machine that is only plugged in for two minutes a week to execute those transactions, and otherwise there's no financial records on any of my computers. i have a dedicated laptop. >> host: do you advise that for everybody? >> guest: you know, the good news is with pcs getting as cheap as $200 each or 400, look, i think it's not a bad practice.

what i'm trying to do is limit access people might have to my financial records. now, an alternative is to, you know, stop using online banking completely. i'm not advocating that, but there are programs now called key stroke loggers that can get loaded onto your machine by looking at one image, and then someone has the ability to track every key stroke you're doing, including your password. so they can see you go to a banking web site, capture your password and then use that to take your funds. >> host: millions of people online bank on their normal computers. >> guest: yes. >> host: or on a remote computer, work computer, whatever it is. >> guest: yes. >> host: has the danger increased, or what's being done to stop that? >> guest: maybe my paranoia increased, you know, i've been the directer of the national cyber security center, and you really get a sense of the scale of activity in how pernicious it can be. so maybe i'm in the school of

overly paranoid people. [laughter] having had that experience, or you could say more aware. i just, i think people should be quite, you know, quite cautious. now, the banks and the credit card companies have been very good, you know, in general to cover most of the customer losses that have come from this us but even like i learned one of my credit cards which is canceled, i was just told, you know, your credit card's been compromised, no explanation of how and where and why. but my guess is someone broke into a computer system somewhere and might have gotten a copy of that credit card data whether from a credit card company or one of their vendors or someone else. so, look, there's a lot of good work going on in industry and of parties around the world, but cyber crime is a very real thing, and i just encourage people to use caution. by the way, there's a good online program to do some training called antifishing phil. it's a game online that teaches you to avoid certain web links

and certain names that might come up just as an fyi. [laughter] >> host: christopher rhoads, next question for rod beckstrom. >> host: the other big change that seems to be come canning down the pipeline for icann is this opening up the domain name process meaning making it a lot easier to create new top-level domain names. the part of the domain name to the right of the dot such as dot.com or dot.net. if i understand correctly, we're going to soon have the ability to create a whole host of activities,.airport, whatever. as it related to the security issue we were just talking about, some, i know, were worried that having this increase of domain names could make it a lot easier for the bad guys out there to trick people and do their bad things.

what do you think about that? >> guest: you know, let me talk through some of the factors, and then i'll give you my sort of gut sense on it. my put sense is that overall having new generic top-level domain names will lead to more security, but let me explain why because there's a lot of different factors. one is the new parties that create those new names will have to sign a formal contract with icann and agree to a set of security standards that previous domains did not have to. they're going to have to use what's called dns secure, a secure domain name system that uses certificates so you really know you're getting the web site that you want to. that's the current proposal. the program's still under development. they'll have to be able to support ipv6 is the current proposal which is a new form of internet protocol version 6 which has some further

attributes, and moreover, we have a contract with with with us where they're going to have to avoid certain practices that they might have been able to do in other domains in the past. for example, the country code can doe neighbors around the -- domains around the world we have no contracts. we have a working relationship, but for sovereignty issue many communities and country cans have said we're not going to sign a contract with icann. so over those country code domains of which there's roughly 240, we do not have contracts in many cases so we can't dictate or develop security standards. it's totally optional. so there's that set of issues. there's another issue, chris, if we look at typo squatting. if you misspell a common name trying to go to -- you mentioned coke.com or ibm.com. let's say you misspell some of those words. in some cases you will go to a site that is held by a hostile party who's trying to generate transactions off of that. that's called typo squatting.

it won't be possible in a top-level domain unless your browser's not working properly. when that falsely-spelled request goes into the domain name system, it will be rejected because we're not going to approve any applications of typo squatting parties. in fact, to prove a new gtld, we're going to do background checks on the individual officers of the country -- company, we're going to look at the history of litigation, so we get to kind of do a lot of quality control around these new offerings that we have not been able to do historically. my gut sense is consumers are not going to be that confused. in fact, let's just say hypothetically c-span, they wouldn't go to c-span.org anymore, they would go to c-span, so peter at c-span, okay? and so arguably, there could be a high-level -- my gut sense is there will be because of the

quality control mechanisms, but at the same time all these issues are complex, you know, thieves and criminals will try to figure out how to use any system to create harm. and so we're going to have to keep an eye on it and possibly evolve the practices and policies as well. >> host: mr. beckstrom, how did you get into this work? >> guest: how did i get into this work? well, it's a long story. i was a high-tech ceo historically and started a company, took it public and sold that when i was fairly young. and then i did different social service projects mostly. i was in new york on 9/11, and my life changed that day. and i stopped all my business work, and for three-and-a-half years i worked on building a network of ceos to work on peace across the middle east and around the world. that work led to insights about how decentralized human and technical networks work. we were studying al-qaeda and building our own decentralized network. that led to a book called "the star fish and spider." that got read by cabinet members

and senior leaders in u.s. government. i then got recruited to help the u.s. government using some of these concepts and ideas for counterterrorism and cybersecurity. did my job in the government for a while, missed my family and went home, and icann called me. they were searching for a new ceo, and said we've got the perfect job, and all you have to do is move to l.a. i said, i'm not moving to l.a. fortunately, we came out with an understanding, and palo alto is the second site in the world ever connected by the internet, so a bit appropriate -- >> host: the first being -- >> guest: the first was los angeles, ucla campus. it was the first connection of the internet 40 years ago, october. >> host: christopher rhoads, time for one more question.

>> host: icann is obviously a unique beast, and you've been there, now, i guess, for four or five months or so. what has been your biggest surprise either positive or negative since you've been there? >> guest: the biggest surprise, chris, is just the massive volume of communications, activity the. the stakeholder groups are generating, you know, roughly -- our board books, we have a board meeting every month, there's 350 new pages every month of policy work whether it's ideas, so massive amount of documents, thousands of people involved, and the economic stakes are so massive, and we're this tiny little nonprofit organization in the middle. i mean, we're only a $60 million a year nonprofit which is tiny with this multitrillion dollar industry and billion dollar players all fighting over kind of the economic outcomes of these policies. so i guess what's really surprised me, chris, is just the power of these tech on the

thetic forces that are hitting the internet and us having that little role in the middle of names and numbers, protocalls and -- protocols and how that's coming together. i'm thrilled to be here.. >> host: how do can you get that authority, and do you foresee that an organization such as icann going out of business because of all these forces? >> guest: no, actually, the forces are coming to the table and getting more engaged. gtld has a lot of business concerns, it's bringing more businesses into the icann community, getting much more involved. no one ultimately has authority over the internet. it is the ultimate collaboration environment. if we're not doing our job at the end of the day or if the chinese are upset or another party's upset, they can always create their own internet route, okay? the network effect tends to bring people back in. the benefit of being connected to the rest of the world. our only authority r